Summary
This security update resolves a Microsoft SharePoint Server spoofing vulnerability and Microsoft Excel remote code execution vulnerability. To learn more about the vulnerabilities, see the following security advisories:
Improvements and fixes
This security update contains fixes and improvements for the following nonsecurity issues in SharePoint Server Subscription Edition:
-
Fixes an issue in which you cannot see the files that are accessed recently under the Recent tab in OneDrive. This issue occurs because the search API does not work when the HTTP_Origin header is not null.
-
Fixes an issue in which you cannot retore a subsite by using System Center Data Protection Manager (DPM).
-
Enables the "kid" claim for OpenID Connect (OIDC) when a metadata endpoint is in use.
-
Fixes an issue in which the group header is shown incorrectly when you select Group by Date on the Date column in a document library modern view.
-
Fixes an issue in which you cannot copy and paste values into the Person or Group column by using Quick Edit in a custom list if the account has same first and last name values as other accounts have.
-
Fixes an issue in which users who don't have the "View Items" permission can't see the left navigation pane on modern sites that have the publishing features enabled.
-
Fixes an issue in which the filter functionality does not work in a lookup column that contains a DateTime-type value.
-
Fixes an issue in which the "Share with me" page is broken in the Internet Explorer browser.
-
Sets the incremental crawl schedule to null when you disable continuous crawl.
-
Fixes an issue in which multiline deletion does not work as expected when you edit in grid view for a list.
-
Fixes an issue in which the heading level is incorrectly defined as H4 on the Change theme pane.
-
Fixes an accessibility issue in which the New link dialog box is missing the dialog role and name.
This security update also contains fixes and improvements for the following nonsecurity issues in Project Server:
-
Fixes the DatabaseUndefinedError and System.Data.SqlClient.SqlException (0x80131904): There is already an object named 'pk_lt_uids' in the database errors that occur when you query lookup tables by using the SharePoint client-side object model (CSOM).
-
Fixes an issue in which the language of the values inflag-type custom fields within an online analytical processing (OLAP) cube do not match the Project Server language.For example, the flag values appear as "True" or "False" in English, and they are "Vero" or "Falso" in Italian, but the values are always displayed in the English form.
-
Fixes an issue in which upgrading from Project Server 2019 to Project Server Subscription Edition fails and generates an "Object too new" error message in some cases.
Known issues in this update
-
Modern home page (or any site pages) cannot render well in Internet Explorer browser. To work around this issue, you can use other modern browsers such as Microsoft Edge, Google Chrome to access the page.
-
In modern home page (or any site pages), you cannot do the "open the detail pane" action in the List web part and Document Library web part. To work around this issue, access the corresponding list or document page to do the similar operation.
-
Modern site pages cannot work properly in the left navigation panel, web part editing panel, and site page title editing. Microsoft will provide the fix in the next release.
How to get and install the update
Method 1: Microsoft Update
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Method 2: Microsoft Update Catalog
To get the standalone package for this update, go to the Microsoft Update Catalog website.
Method 3: Microsoft Download Center
You can get the standalone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.
More information
Security update deployment information
For deployment information about this update, see Security update deployment information: April 12, 2022 (KB5012926).
Security update replacement information
This security update replaces previously released security update 5002145.
File hash information
File name |
SHA256 hash |
---|---|
sts-subscription-kb5002191-fullfile-x64-glb.exe |
91BCDFF9524E0DDC604887188A18F4D9AF0B368C02836C72582A2E80CA7D1EE5 |
File information
Download the list of files that are included in security update 5002191.
Information about protection and security
Protect yourself online: Windows Security support
Learn how we guard against cyber threats: Microsoft Security
Change history
The following table summarizes some of the most important changes to this topic.
Date |
Description |
---|---|
April 15, 2022 |
Added a workaround to the "Known issues in this update" section for the first known issue. |
April 27, 2022 |
Added a known issue to the "Known issues in this update" section. |